Closed ncc-erik-steringer closed 2 years ago
Per https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html#not-restricted-by-scp , it is not possible to use SCPs to restrict service-linked roles. This means we need to update the simulator to skip SCP-checks in those cases. The way to determine if a role is a service-linked role is to check whether its name starts with `AWSServiceRoleFor`.
Finished with v1.1.5.
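One way to implement the skip described in this issue, as an added example that is not the project's own code. The function names, the sample SCPs and the account ID are constructed for illustration, and SCP evaluation is simplified to `Effect`/`Action` matching (no `Resource`, `Condition` or `NotAction`).

```python
import fnmatch

SLR_PREFIX = "AWSServiceRoleFor"  # name prefix given in the issue

def is_service_linked_role(principal_arn):
    """True when the ARN is an IAM role whose name starts with AWSServiceRoleFor."""
    resource = principal_arn.split(":", 5)[-1]  # e.g. "role/path/RoleName"
    if not resource.startswith("role/"):
        return False  # users and other principal types never qualify
    return resource.rsplit("/", 1)[-1].startswith(SLR_PREFIX)

def _matches(statement, action):
    patterns = statement["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def scps_allow(scp_levels, action):
    """Each level (root, OU, account) must allow the action and none may deny it."""
    for level in scp_levels:
        statements = [s for policy in level for s in policy["Statement"]]
        if any(s["Effect"] == "Deny" and _matches(s, action) for s in statements):
            return False
        if not any(s["Effect"] == "Allow" and _matches(s, action) for s in statements):
            return False
    return True

def is_authorized(principal_arn, action, identity_allows, scp_levels):
    """identity_allows: result of the caller's IAM policy evaluation (assumed input)."""
    if not identity_allows:
        return False  # SCPs never grant access on their own
    if is_service_linked_role(principal_arn):
        return True   # SCPs do not restrict service-linked roles: skip the check
    return scps_allow(scp_levels, action)

# Constructed sample: FullAWSAccess at the root, an OU-level SCP denying all of S3.
SCP_LEVELS = [
    [{"Statement": [{"Effect": "Allow", "Action": "*"}]}],
    [{"Statement": [{"Effect": "Allow", "Action": "*"},
                    {"Effect": "Deny", "Action": "s3:*"}]}],
]
SLR_ARN = ("arn:aws:iam::111122223333:role/aws-service-role/"
           "elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing")
APP_ROLE_ARN = "arn:aws:iam::111122223333:role/app/Deployer"

if __name__ == "__main__":
    for arn in (APP_ROLE_ARN, SLR_ARN):
        print(arn.rsplit("/", 1)[-1], is_authorized(arn, "s3:GetObject", True, SCP_LEVELS))
```

Without the service-linked-role branch, the simulator would report the service-linked role as blocked by the OU-level deny, which understates what that role can do in the account.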